SAP CMC Promotion Management Internal Network Enumeration Vulnerability

Vulnerability

A vulnerability in SAP CMC Promotion Management allows authenticated attackers to enumerate internal network systems. This is achieved by sending crafted requests during job source configuration and analyzing the response times for different IP addresses and ports. Successful exploitation could lead to information disclosure, as valid network endpoints can be inferred from the response data. The vulnerability does not affect the application's integrity or availability.

Impact

Exploitation of this vulnerability could result in unauthorized information disclosure by allowing attackers to enumerate valid network endpoints.

Remediation

Users are advised to review and implement the SAP Security Note related to this vulnerability, available through the SAP Security Patch Day Bulletin. Instructions for accessing SAP Security Notes can be found on the SAP Security Notes FAQs page.
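The enumeration described under Vulnerability shows up as one authenticated account submitting job source configurations against many distinct host and port pairs in a short period. The following is an added detection example, not code from SAP or from this advisory, run over constructed audit records; the record fields, the 5-minute window and the threshold of 10 are assumptions to adapt to whatever log captures these requests in your environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: (user, ISO timestamp, target host, target port).
# The schema is hypothetical; map it from the audit or proxy log that records
# job source configuration attempts in your landscape.
SAMPLE = [
    ("admin_a", "2025-07-08T09:00:00", "10.1.1.20", 6400),
    ("admin_a", "2025-07-08T09:40:00", "10.1.1.21", 6400),
    ("admin_a", "2025-07-08T11:15:00", "10.1.1.20", 6400),
] + [
    # One account touching 7 hosts x 2 ports within a few seconds.
    ("admin_b", f"2025-07-08T02:00:{i:02d}", f"10.1.2.{i}", port)
    for i in range(1, 8) for port in (22, 443)
]


def find_enumeration(records, window=timedelta(minutes=5), threshold=10):
    """Return {user: peak count of distinct (host, port) targets within any
    sliding window} for users whose peak reaches the threshold."""
    per_user = defaultdict(list)
    for user, ts, host, port in records:
        per_user[user].append((datetime.fromisoformat(ts), (host, port)))

    flagged = {}
    for user, events in per_user.items():
        events.sort()
        recent = deque()  # events no older than `window` relative to the newest
        peak = 0
        for ts, target in events:
            recent.append((ts, target))
            while ts - recent[0][0] > window:
                recent.popleft()
            # Count distinct targets, so repeated edits of one job source
            # pointing at the same system do not inflate the score.
            peak = max(peak, len({t for _, t in recent}))
        if peak >= threshold:
            flagged[user] = peak
    return flagged


if __name__ == "__main__":
    for user, peak in find_enumeration(SAMPLE).items():
        print(f"{user}: {peak} distinct targets within 5 minutes")
```
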

Added: Jul 8, 2025, 1:47 AM
Updated: Jul 8, 2025, 1:47 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.2
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.